Security Software Android Google Operating Systems Games Entertainment Technology

Over 500K People Have Installed a Pokemon Go-Related App That Roots and Hijacks Android Devices (softpedia.com) 57

An anonymous reader writes: Over 500,000 people have downloaded an Android app called "Guide for Pokemon Go" that roots the devices in order to deliver ads and installs apps without the user's knowledge. Researchers that analyzed the malware said it contained multiple defenses that made reverse-engineering very difficult -- some of the most advanced they've seen -- which explains why it managed to fool Google's security scanner and end up on the official Play Store. The exploits contained in the app's rooting functions were able to root any Android released between 2012 and 2015. The trojan found inside the app was also found in nine other apps, affecting another 100,000 users. The crook behind this trojan was obviously riding various popularity waves, packing his malware in clones for whatever app or game is popular at one particular point in time.
This discussion has been archived. No new comments can be posted.

  • Installed? (Score:5, Insightful)

    by AmiMoJo ( 196126 ) on Friday September 16, 2016 @06:04AM (#52899013) Homepage Journal

    Installed or downloaded? Android scans apps, even side loaded ones, during installation for malware. This app has been on the banned list for ages.

    So 500k downloads could equal zero installs.

    • Installed or downloaded? Android scans apps, even side loaded ones, during installation for malware. This app has been on the banned list for ages.

      So 500k downloads could equal zero installs.

      But you know it doesn't.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Installed or downloaded? Android scans apps, even side loaded ones, during installation for malware. This app has been on the banned list for ages.

      So 500k downloads could equal zero installs.

      That's in the paragraph below the one quoted by TFA:

      The app, named Guide for Pokémon Go, made its way onto the official Google Play Store, from where over 500,000 users downloaded and installed it on their smartphones.

      Kaspersky says that telemetry data received from its security products found that at least 6,000 users had their phones rooted and under the malware author's control.

      If it roots on activation it's odd to say that there have been 500K installs but only around 6K roots. 500K downloads and

      • by geogob ( 569250 )

        Not every Android phone with the installed app / root kit may have some Kaspersky security product delivering telemetry. This makes those numbers a bit difficult to interpret and understand.

        I do not believe that both numbers (the 500k and the 6000) can be related and compared. In the end you can only conclude what is written in the text: at least 6000 phones are compromised, with the implicit knowledge that this number may be much higher, possibly in the 500 k range.

        An interesting information would be to know ho

        • by AmiMoJo ( 196126 )

          500k seems to be the number of downloads, so I'd imagine that between people who don't have side-loading enabled, who see the warnings during installation and change their minds, who have AV that blocks it, that got the Play update that blocks it or who have incompatible devices (there is no universal root exploit for Android, they are all kernel/bootloader specific) the number of infected devices is probably quite low.

  • by Opportunist ( 166417 ) on Friday September 16, 2016 @06:14AM (#52899053)

    Oh, you're not talking about the "genuine" variant?

    Oh. Never mind, carry on...

  • by Anonymous Coward

    Looks like they caught a "peekatyou".

    • by asylumx ( 881307 )
      The day after the game came out, a coworker said to me "I caught a pikachu coming out of the shower" which was immediately alarming for a moment until I got the context sorted out in my head.
  • by Anonymous Coward

    Does it root any Android device? Does anybody know how it works?
    Because I have been trying to root mine for ages...

    • by alexo ( 9335 )

      I admit that I am an Android noob, but when I searched about rooting my Nexus 5, I got the impression that doing so will factory reset my device, and I will lose some of my data unless I backed it up first. Except that even the best backup apps would not back up everything, unless the phone is already rooted...

  • Malware (Score:5, Funny)

    by Oswald McWeany ( 2428506 ) on Friday September 16, 2016 @07:48AM (#52899353)

    Malware, gotta catch 'em all.

  • Ultimate Root App (Score:4, Insightful)

    by scratchy_king ( 1576089 ) on Friday September 16, 2016 @08:35AM (#52899505) Homepage

    The trojan roots all Android devices released between 2012 and 2015?

    Without needing to unlock the bootloader, install custom recovery, etc.?

    Awesome! Where do I sign up!?

  • For who knows why, Niantic's latest update to PoGo bars all rooted users from playing. Would this app cause all of those players to no longer access the game?
  • This just goes to show what happens when you put an operating system in the hands of millions/billions of everyday users. It can be Windows, Linux, OSX, iOS, Android, it doesn't matter. People are idiots and they will install anything. I didn't really think it was possible to root a phone simply by installing an app. That definitely is a failing in the security. But there isn't really anything you can do to completely stop all attacks if people are going to install random software.

    • by Maritz ( 1829006 )

      People are idiots and they will install anything.

      Most people would say it's reasonable to install from the google play market, because it's curated/vetted. You on the other hand, think they're idiots. Can you talk us through what you would do, if you saw an app in the market that was interesting to you? Go through the code, maybe? Maybe nothing would ever be of interest to you, because you're not an idiot?

      The important thing is you declared your smartness to slashdot. I think that's all that matters in the end, no?

    • by tlhIngan ( 30335 )

      This just goes to show what happens when you put an operating system in the hands of millions/billions of everyday users. It can be Windows, Linux, OSX, iOS, Android, it doesn't matter. People are idiots and they will install anything. I didn't really think it was possible to root a phone simply by installing an app. That definitely is a failing in the security. But there isn't really anything you can do to completely stop all attacks if people are going to install random software.

      That's why Apple generall

  • by Anonymous Coward

    It really pisses me off that these apps can supposedly root Android and install all sorts of apps, yet trying to get root on my Galaxy is a convoluted game of Twister requiring the setting of permissions, installing special PC software, installing special (sketchy as fuck) boot loaders, custom (sketchy as fuck) recovery environments, and more.

    And, rooting Amazon fire tablets is either impossible or it's utterly bricked in the attempt.

    How is it that these bullshit apps can so easily get root and install hidd

    • I just used the latest version of Kingroot when it seemed like I would not be able to root/jailbreak my 5th generation KindleFire. No PC needed.
    • by tlhIngan ( 30335 )

      It really pisses me off that these apps can supposedly root Android and install all sorts of apps, yet trying to get root on my Galaxy is a convoluted game of Twister requiring the setting of permissions, installing special PC software, installing special (sketchy as fuck) boot loaders, custom (sketchy as fuck) recovery environments, and more.

      The problem is if you're trying to get root to do useful stuff, like a root shell and other things. Plus, you probably want it untethered.

      The apps just need root to insta

  • There are literally hundreds of such apps, which probably most of the time just contain a few buttons with nice pokemon images and some sections of the FAQ ... and of course a lot of ads. This makes it really hard to find good apps, like pokevision (RIP) or Pokeradar or some useful pokedex, which has the weaknesses of the pokemon as they are in pokemon go.

    • I did once (July) install an app with that name, but there are many with the same name on the Play store. I uninstalled it the next day because it was crap. Screenshots look familiar, but I'm not sure.

      At least I don't see any suspicious files with setuid permissions, but then: /system/xbin/su is also mode rwx. I guess I'll reflash my ROM (CM13) this weekend, just to be sure...

  • People are still playing Pokemon Go?!